Disable CSRF token validation for certain paths

In my application, I needed to disable CSRF token validation for certain actions. This is a hack I wrote to accomplish said task.

As far as I can tell, CHttpRequest "happens" before CUrlManager, so route information is not available in a proper fashion. Because this application uses certain CUrlManager settings that make URLs look like "controller/action", this works. There probably are nicer ways of doing this, but this might be useful to someone.

One such way would be instantiating a "temporary" CUrlManager for finding out the proper route, but that'd be hack-ish as well.

If I disable CSRF token validation application-wise, POST is ok. I think that the credt card payment gateway that should send me a POST request does someting strange I cannot understand.

Trivial, but first of all check at which exact path do you get the payment notification and if this is the path pointed in config file.
Then you may Yii::log() which way the request is processed inside HttpRequest to find the problem, or make custom request to the url for debugging.

The noCsrfValidationRoutes configuration array should contain the URL in final form and not in the form of route/action form, so if you have URL Manager components configured to translate request you have to put in the HttpRequest component configuration array in the final form.